Legal claims defining the scope of protection, as filed with the USPTO.
1. A transaction signing apparatus, comprising: a memory; a set of instructions comprising a component collection in the memory, including: a hot secure firmware transaction signing component implemented by a hot hardware security module (HSM), and a cold secure firmware transaction signing component implemented by a first cold HSM; a processor disposed in communication with the memory, and configured to issue a plurality of processing instructions from the component collection stored in the memory, wherein the processor issues instructions from the hot secure firmware transaction signing component, stored in the memory, to: receive, via at least one processor, by the hot HSM, an online transaction signing request message for a transaction from an online transaction signing server (TSS); retrieve, via at least one processor, from the hot HSM's tamper-proof storage, a third master key share; determine, via at least one processor, by the hot HSM, a public key encryption key of the first cold HSM; encrypt, via at least one processor, by the hot HSM, the third master key share using the public key encryption key of the first cold HSM; and return, via at least one processor, the encrypted third master key share to the online TSS for transfer to an offline TSS; wherein the processor issues instructions from the cold secure firmware transaction signing component, stored in the memory, to: receive, via at least one processor, by the first cold HSM, an offline transaction signing request message for the transaction from the offline TSS, wherein the offline transaction signing request message includes: an encrypted second master key share associated with a second cold HSM and the encrypted third master key share associated with the hot HSM; retrieve, via at least one processor, from the first cold HSM's tamper-proof storage, a private key decryption key of the first cold HSM corresponding to the public key encryption key of the first cold HSM previously provided to the second cold HSM and to the hot HSM, wherein the encrypted second master key share is encrypted using the public key encryption key of the first cold HSM by the second cold HSM; decrypt, via at least one processor, by the first cold HSM, the encrypted second master key share and the encrypted third master key share using the retrieved private key decryption key of the first cold HSM; retrieve, via at least one processor, from the first cold HSM's tamper-proof storage, a first master key share; recover, via at least one processor, by the first cold HSM, a master private key from the first master key share, the decrypted second master key share and the decrypted third master key share using a secret sharing method; determine, via at least one processor, by the first cold HSM, a keychain path associated with the offline transaction signing request message; generate, via at least one processor, by the first cold HSM, a signing private key for the determined keychain path using the recovered master private key; sign, via at least one processor, by the first cold HSM, the transaction using the generated signing private key to generate a signature; and return, via at least one processor, the generated signature.
2. The apparatus of claim 1 , further, comprising: the processor issues instructions from the hot secure firmware transaction signing component, stored in the memory, to: determine, via at least one processor, by the hot HSM, transaction data associated with the transaction; retrieve, via at least one processor, from the hot HSM's tamper-proof storage, a private signing key corresponding to a public signing key of the hot HSM previously provided to the first cold HSM; sign, via at least one processor, by the hot HSM, the transaction data; and return, via at least one processor, the signed transaction data to the online TSS for transfer to the offline TSS.
3. The apparatus of claim 2 , further, comprising: the processor issues instructions from the cold secure firmware transaction signing component, stored in the memory, to: verify, via at least one processor, by the first cold HSM, the signed transaction data using the public signing key of the hot HSM.
4. The apparatus of claim 1 , wherein an external storage device is utilized to transfer the encrypted third master key share from the online TSS to the offline TSS.
5. The apparatus of claim 1 , wherein the hot HSM and the first cold HSM are PCIe appliances.
6. The apparatus of claim 1 , wherein the second cold HSM is a USB appliance communicatively coupled to the first cold HSM via USB.
7. The apparatus of claim 1 , wherein the second cold HSM includes an authentication entry device.
8. The apparatus of claim 7 , wherein the second cold HSM provides the encrypted second master key share to the offline TSS upon obtaining separate credentials via the authentication entry device from a predetermined number of people.
9. The apparatus of claim 8 , wherein the second cold HSM enforces M-of-N security policy for exporting the encrypted second master key share, wherein access to the second cold HSM is controlled by M-of-N authentication policy.
10. The apparatus of claim 1 , wherein the private key decryption key of the first cold HSM and the public key encryption key of the first cold HSM are predefined.
11. The apparatus of claim 1 , wherein the private key decryption key of the first cold HSM and the public key encryption key of the first cold HSM are generated dynamically for each transaction.
12. The apparatus of claim 1 , wherein the secret sharing method is Shamir's Secret Sharing.
13. The apparatus of claim 1 , further, comprising: the processor issues instructions from the cold secure firmware transaction signing component, stored in the memory, to: delete, via at least one processor, temporary key data from the memory of the first cold HSM after generating the signature.
14. The apparatus of claim 13 , wherein the temporary key data includes the encrypted second master key share, the decrypted second master key share, the encrypted third master key share, the decrypted third master key share, the recovered master private key, and the generated signing private key.
15. The apparatus of claim 1 , wherein the signature is returned in Distinguished Encoding Rules format.
16. A non-transient physical medium storing processor-executable instructions, the instructions, comprising: a component collection stored in the medium, including: a hot secure firmware transaction signing component implemented by a hot hardware security module (HSM), and a cold secure firmware transaction signing component implemented by a first cold HSM; wherein the hot secure firmware transaction signing component, stored in the medium, includes processor-issuable instructions to: receive, via at least one processor, by the hot HSM, an online transaction signing request message for a transaction from an online transaction signing server (TSS); retrieve, via at least one processor, from the hot HSM's tamper-proof storage, a third master key share; determine, via at least one processor, by the hot HSM, a public key encryption key of the first cold HSM; encrypt, via at least one processor, by the hot HSM, the third master key share using the public key encryption key of the first cold HSM; and return, via at least one processor, the encrypted third master key share to the online TSS for transfer to an offline TSS; wherein the cold secure firmware transaction signing component, stored in the medium, includes processor-issuable instructions to: receive, via at least one processor, by the first cold HSM, an offline transaction signing request message for the transaction from the offline TSS, wherein the offline transaction signing request message includes: an encrypted second master key share associated with a second cold HSM and the encrypted third master key share associated with the hot HSM; retrieve, via at least one processor, from the first cold HSM's tamper-proof storage, a private key decryption key of the first cold HSM corresponding to the public key encryption key of the first cold HSM previously provided to the second cold HSM and to the hot HSM, wherein the encrypted second master key share is encrypted using the public key encryption key of the first cold HSM by the second cold HSM; decrypt, via at least one processor, by the first cold HSM, the encrypted second master key share and the encrypted third master key share using the retrieved private key decryption key of the first cold HSM; retrieve, via at least one processor, from the first cold HSM's tamper-proof storage, a first master key share; recover, via at least one processor, by the first cold HSM, a master private key from the first master key share, the decrypted second master key share and the decrypted third master key share using a secret sharing method; determine, via at least one processor, by the first cold HSM, a keychain path associated with the offline transaction signing request message; generate, via at least one processor, by the first cold HSM, a signing private key for the determined keychain path using the recovered master private key; sign, via at least one processor, by the first cold HSM, the transaction using the generated signing private key to generate a signature; and return, via at least one processor, the generated signature.
17. A processor-implemented transaction signing system, comprising: a set of instructions comprising a component collection stored in memory, including: a hot secure firmware transaction signing component, to: receive, via at least one processor, by the hot HSM, an online transaction signing request message for a transaction from an online transaction signing server (TSS); retrieve, via at least one processor, from the hot HSM's tamper-proof storage, a third master key share; determine, via at least one processor, by the hot HSM, a public key encryption key of the first cold HSM; encrypt, via at least one processor, by the hot HSM, the third master key share using the public key encryption key of the first cold HSM; and return, via at least one processor, the encrypted third master key share to the online TSS for transfer to an offline TSS; a cold secure firmware transaction signing component, to: receive, via at least one processor, by the first cold HSM, an offline transaction signing request message for the transaction from the offline TSS, wherein the offline transaction signing request message includes: an encrypted second master key share associated with a second cold HSM and the encrypted third master key share associated with the hot HSM; retrieve, via at least one processor, from the first cold HSM's tamper-proof storage, a private key decryption key of the first cold HSM corresponding to the public key encryption key of the first cold HSM previously provided to the second cold HSM and to the hot HSM, wherein the encrypted second master key share is encrypted using the public key encryption key of the first cold HSM by the second cold HSM; decrypt, via at least one processor, by the first cold HSM, the encrypted second master key share and the encrypted third master key share using the retrieved private key decryption key of the first cold HSM; retrieve, via at least one processor, from the first cold HSM's tamper-proof storage, a first master key share; recover, via at least one processor, by the first cold HSM, a master private key from the first master key share, the decrypted second master key share and the decrypted third master key share using a secret sharing method; determine, via at least one processor, by the first cold HSM, a keychain path associated with the offline transaction signing request message; generate, via at least one processor, by the first cold HSM, a signing private key for the determined keychain path using the recovered master private key; sign, via at least one processor, by the first cold HSM, the transaction using the generated signing private key to generate a signature; and return, via at least one processor, the generated signature.
18. A processor-implemented transaction signing method, comprising: executing processor-implemented hot secure firmware transaction signing component instructions to: receive, via at least one processor, by the hot HSM, an online transaction signing request message for a transaction from an online transaction signing server (TSS); retrieve, via at least one processor, from the hot HSM's tamper-proof storage, a third master key share; determine, via at least one processor, by the hot HSM, a public key encryption key of the first cold HSM; encrypt, via at least one processor, by the hot HSM, the third master key share using the public key encryption key of the first cold HSM; and return, via at least one processor, the encrypted third master key share to the online TSS for transfer to an offline TSS; executing processor-implemented cold secure firmware transaction signing component instructions to: receive, via at least one processor, by the first cold HSM, an offline transaction signing request message for the transaction from the offline TSS, wherein the offline transaction signing request message includes: an encrypted second master key share associated with a second cold HSM and the encrypted third master key share associated with the hot HSM; retrieve, via at least one processor, from the first cold HSM's tamper-proof storage, a private key decryption key of the first cold HSM corresponding to the public key encryption key of the first cold HSM previously provided to the second cold HSM and to the hot HSM, wherein the encrypted second master key share is encrypted using the public key encryption key of the first cold HSM by the second cold HSM; decrypt, via at least one processor, by the first cold HSM, the encrypted second master key share and the encrypted third master key share using the retrieved private key decryption key of the first cold HSM; retrieve, via at least one processor, from the first cold HSM's tamper-proof storage, a first master key share; recover, via at least one processor, by the first cold HSM, a master private key from the first master key share, the decrypted second master key share and the decrypted third master key share using a secret sharing method; determine, via at least one processor, by the first cold HSM, a keychain path associated with the offline transaction signing request message; generate, via at least one processor, by the first cold HSM, a signing private key for the determined keychain path using the recovered master private key; sign, via at least one processor, by the first cold HSM, the transaction using the generated signing private key to generate a signature; and return, via at least one processor, the generated signature.
Unknown
April 27, 2021
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.